Decoder and system for processing subscription television data, and method for controlling two or more decoders

FIELD: information technology.

SUBSTANCE: the proposed decoder and subscription television data control system contain at least two decoders, each of which is connected to at least one removable protective module. The protection is realised using identification data contained in the decoder and in the protective module. Each of the decoders contains a descrambler and units for deactivating the processing of subscription television data. Each decoder also contains a counter, which acts on these deactivation units. In addition, at least one of the removable protective modules is assigned as primary and therefore contains units for reinitialising the decoder counters.

EFFECT: the operating time of the decoder can be regulated and its operating parameters adjusted at any time using the protective module.

19 cl, 13 dwg

 

Technical field of the invention

The present invention relates to a decoder for processing pay-TV data. It also relates to a pay-TV data management system and to a method for controlling at least two decoders for processing pay-TV data.

Prior art

In general, to gain access to encrypted information relating to programmes broadcast by pay-TV operators, such as movies, sports programmes and the like, it is necessary to purchase a subscription, a decoder and a security module. Some subscribers may use several decoders and several protection modules so that several users can access the programmes broadcast on several television installations located in different areas.

In this case, the price of additional subscriptions, decoders and/or protection modules is usually lower than the price of the first subscription, decoder and/or security module. The challenge, however, is to prevent a subscriber from acquiring multiple sets of decoders and protection modules at the reduced price offered for additional sets and then either giving third parties who are not subscribers the opportunity to benefit from these reduced prices, or reselling the sets at prices lower than the standard purchase price of a set.

A solution that can prevent such situations is to introduce an operation that places only a slight constraint on a subscriber who in good faith uses several decoders and their accompanying security modules within a single home, but a severe constraint on a subscriber who resells decoders and protection modules, or on the buyer of such modules. Without this operation, decoding of the transmitted information becomes impossible.

A system that partly achieves this goal is described in the European patent published under the number EP 0826288. This document describes a pay-TV system containing multiple television installations, each of which is associated with a particular subscriber. Each installation contains at least two decoders, each associated with a microprocessor card (also called a smart card) that is designed to decrypt the information sent to the decoders connected to the television system. Each microprocessor card contains a certain amount of data that identifies it. This information, called "binding data", may be a signature, a key or another identifying element. All cards associated with the same subscriber have at least one element of the binding data in common. Cards of different subscribers have no data elements in common.

The subscriber's microprocessor cards, or at least one of them, can be deactivated (turned off) in accordance with pre-established criteria, for example a particular date or a period of use. Once a card has been deactivated, the control words can no longer be decrypted. Information sent to the decoder cannot be decrypted without the control words corresponding to the broadcast programmes.

A deactivated card can be reactivated if the subscriber has an active card and a decoder associated with the same subscriber. To carry out this operation, the system of the cited invention uses the following steps:

The data associated with the active card is stored in the decoder into which this card is inserted. When a card is deactivated, it must be inserted into the decoder corresponding to an active card of the given subscriber. The binding data (signature, key, etc.) stored in the decoder is compared with the binding data of the deactivated card. If the data match, the counter, which contains, for example, the date of the next deactivation or the duration of use, is increased so that the card can be used for a certain time. If the binding data do not match, the counter of the deactivated card is not reinitialized, decryption of the control words remains impossible, and the information remains encrypted.

In this system, reactivation of a deactivated card is permitted if its binding data is consistent with the other binding data, i.e. if the cards belong to the same subscriber, regardless of which decoder is connected to the subscriber's active card. Consequently, if the subscriber's cards were sold to customers located geographically close to the original subscriber, the owners of deactivated cards can insert them into any decoder connected to an active card of the subscriber, and the cards will start working again. Thus the restriction that the invention is intended to provide is achieved only partially.

In addition, there is a simple way to circumvent the restrictions of the process described in that patent. The buyer of an unauthorized decoder and microprocessor card set need only buy two sets. He can then always reactivate a card after it has become inactive.

Another problem occurs when all the cards are deactivated. This can happen if the subscriber rarely watches television or is absent from the deactivation of the first card until the deactivation of the last card. In this case, reactivation of the cards is impossible, and the only solution is to purchase a new card.

In accordance with the invention described in patent publication EP 0826288, all pertinent information, i.e. all the binding data and the data related to the date of deactivation, is stored on the card. The decoders only act as buffer memory for transferring the binding data from the active card to the other, deactivated card during reactivation.

Another invention addressing the above problems is described in U.S. patent publication No. 5748732. This document relates to a pay-TV system containing a master decoder and one or more slave decoders equipped with microprocessor cards. The microprocessor cards of the slave decoders have a relatively short, limited validity period, and at the end of that period the cards lose the ability to decrypt encrypted data. To reactivate a microprocessor card whose validity has expired, the control center sends the master decoder an authorization message EMM (Entitlement Management Message). The master decoder processes the message and extracts the new working data for the slave microprocessor cards. This data is stored in the master decoder. To reactivate a slave card, the user must insert it into the master decoder, which passes the saved data to the card. Once the card has been inserted in the slave decoder again, it works again.

In accordance with this invention, as in the previous case, all essential data, in particular the data relating to the validity of the slave cards, is stored on the cards themselves. The master decoder only plays the role of a "buffer memory" used to transfer the updated data from the master card to the slave cards. In particular, the decoder does not contain a counter that could regulate the timing of card activation.

Disclosure of the invention

The present invention aims to offer an alternative solution that provides secure and controlled access to the information sent by the operator. The problem addressed by the present invention is to provide flexible regulation of the validity period of the decoder and adaptation of its operating parameters at any time using a security module.

Another problem addressed by the invention is to provide global control of each subscriber. Thus, a subscriber who resells one or more decoder and security module sets may be billed for the viewing done by the users of these sets. This greatly enhances the effect of deterrence, which is beyond the scope of the present invention.

In addition, the invention makes it possible to collect and process information provided by the decoder and security module sets, such as service data or data associated with impulse purchases of programmes, which can be used for billing purposes and for statistical processing.

To solve this problem, the invention proposes a decoder for processing pay-TV data, associated with at least one removable protection module by means of identification data contained in said decoder and said protection module, the decoder including a descrambler module, characterized in that it further comprises means for deactivating the processing of pay-TV data and a counter that acts on said deactivation means in accordance with the counter value.

To solve this problem, the invention also proposes a pay-TV data management system containing at least two decoders, each of which is associated with at least one removable protection module by means of identification data contained in said decoder and said protection module, each of the decoders including a descrambler module and means for deactivating the processing of pay-TV data, characterized in that each decoder additionally contains a counter that acts on said deactivation means, and at least one of the security modules is designated as the master module and includes means for reinitializing said decoder counters.

In addition, to solve this problem, a method is proposed for controlling at least two decoders for processing pay-TV data, each of which is assigned to a subscriber and includes means for deactivating the processing of pay-TV data and a counter that acts on said deactivation means, each subscriber having at least two removable security modules that can be locally connected to at least one decoder, the method including the following steps:

- determining at least one master protection module among the protection modules belonging to the subscriber,

- storing the identification data of the master security module in each of the subscriber's decoders,

- deactivating the data processing of a decoder by means of the counter in accordance with at least one predetermined criterion,

- reinitializing the counter by inserting the master security module into the deactivated decoder.

Brief description of drawings

The invention will become more clear from the following detailed descriptions with reference to the accompanying drawings, which illustrate an example embodiment of the invention, without introducing any limitations. In the drawings:

- figure 1 shows the elements located at the subscriber's premises and the elements located at the pay-TV broadcast centre,

- fig. 2a presents a flowchart of the operations associated with activation of the first decoder in accordance with the first embodiment of the invention,

- fig. 2b presents a flowchart of the operations associated with activation of the second decoder of the same subscriber in accordance with the embodiment of the invention in fig. 2a,

- figure 3 presents a block diagram illustrating operation of the device according to the invention,

- fig. 4a presents a flowchart of the operations associated with activation of the first decoder in accordance with the second embodiment of the invention,

- fig. 4b presents a flowchart of the operations associated with activation of the second decoder of the same subscriber in accordance with the embodiment of the invention in fig. 4a,

- figure 5 depicts the system according to the invention operating in accordance with the third embodiment,

- fig. 6a presents a flowchart of the operations associated with activation of the first decoder in accordance with the third embodiment of the invention, also illustrated in figure 5,

- fig. 6b presents a flowchart of the operations associated with activation of the second decoder of the same subscriber according to the embodiment of the invention in fig. 6a,

- figs. 7a, 7b, 7c and 7d depict possible configurations of the device according to the invention.

The implementation of the invention

In the following description of several embodiments of the invention, it is assumed that the subscriber has several decoders STB1, STB2, STB3..., each of which is associated with a protection module ICC1, ICC2, ICC3..., which can be implemented, for example, as a chip card or an integrated circuit. Each decoder includes a descrambler module intended for processing encrypted data and enabling viewing, a memory designed to store the identification data, and deactivation means that grant or deny access to pay-TV information.

In accordance with the embodiment of the invention illustrated in figs. 2a and 2b, when a user acquires a first pay-TV subscription contract C1 (step 20 in fig. 2a), he is also sold a first decoder STB1 associated with a first protection module ICC1. This is illustrated by step 21 in fig. 2a. As is well known to specialists in this field, the protection module manages the rights related to the broadcast programmes and sends the decoder the control words that allow it to process the pay-TV information and thus to decode the encrypted information relating to those programmes.

Once the user has acquired all the elements required to decrypt programmes, i.e. the subscription, the decoder and the security module, he must first activate these elements to bring them into working condition. Without this activation, the installation cannot process pay-TV information.

In accordance with a specific embodiment of the invention, for the first activation of the decoder STB1 and the protection module ICC1 the subscriber must contact the management center CG and provide his identification data, in particular the identification number C1 associated with the subscription contract, the unique identification number SNs associated with the security module, the unique identification number SNd associated with the decoder, and possibly his name (Sub1, Sub2) for authentication of the contract.

These operations are illustrated by step 22 in fig. 2a. The identification numbers are also referred to as serial numbers. These operations are usually carried out by the operator who installs the system at the subscriber's home.

The control center uses this information to register the subscriber (Sub1, Sub2) together with the decoder STB and the protection module ICC he has acquired, so as to form a pair of decoder and security module. It should be noted that the decoder and the protection module can be purchased separately, so that until it receives this information the control center has no indication of which protection module is connected to which decoder.

As shown in figure 1 under the general designation CG, the control center contains at least one database that stores the data needed to pair a protection module with a decoder. In particular, the database of the control center contains the unique identification number SNd of each decoder STB managed by the center. This unique number is associated with at least one encryption key Uk (of symmetric or asymmetric type), which is specific to each decoder. This encryption key, called the "binding key", is also stored in the decoder. Once the subscriber has identified the decoder by its unique number SNd and specified the unique number SNs of the security module, the control center links the protection module with the decoder in its database. In figure 1 the contents of the database are depicted as three tables. The first table 15 contains a list of all decoders STB managed by the control center, together with their unique identification numbers and their corresponding keys Uk.

The second table 16 contains a list of all protection modules ICC and their unique identification numbers SNs. The third table 17 contains a list of subscription contracts C1, C2... and subscribers Sub1, Sub2..., each of which is linked, on the one hand, with the appropriate decoder STB and, on the other hand, with the protection module ICC. This table also contains a list of the products P acquired by the subscriber and an indication of the master (M) or slave (S) function, which is explained below. Table 17 can also be used to store other data, called service data, which is also explained below. The products P, i.e. in particular the programmes that the subscriber is authorized to view, can be associated with subscription contracts or with security modules. This means that the products can be the same for all of a subscriber's security modules or, alternatively, can differ from module to module. Consequently, it is possible, for example, to limit the range of products available for a specific decoder and security module set. To a person skilled in the art it is obvious that a product can be a TV broadcast, a package of several channels or an individual programme. The phase comprising the data search and the creation of the links in the database is marked 23 in fig. 2a.

The encryption key Uk1 associated with the unique number SNd1 of the decoder STB1 must then be sent to the protection module, so that the information exchanged between the security module and the decoder can be encrypted. This key is usually sent in a management message EMM encrypted with the operator's global private key, which is the same for all security modules managed by the operator. The decoder associated with the security module for which the message is intended receives this message and passes it to the security module, which decrypts the message using the operator's global private key and extracts the binding key Uk1. This binding key is stored in the memory of the first protection module ICC1 together with the unique number SNd of the decoder. The pairing step is marked 24 in fig. 2a. In the next step 25, the decryption rights for the products P, defined in accordance with the information in table 17 of the database, are loaded into the protection module.

The database of the control center assigns the master function M to the security module connected to the first decoder, as illustrated by step 26 in fig. 2a.

After all the data has been entered into the database and the binding key Uk1 has been transmitted to the protection module, the decoder STB1 must be activated to enable decoding, as illustrated by step 27. To this end, the control center sends this decoder a "decoder command". A "decoder command" is a command intended for a decoder but transmitted in an authorization message EMM and processed by the security module, since the decoder does not contain enough memory to process this command directly. The authorization message EMM is transmitted encrypted with the operator's global key. The security module decrypts the message using the global key. Since the security module can determine that this command is not addressed to it, the module encrypts the command using the binding key Uk1 and sends it to the decoder, which decrypts the message and executes the command.

This "decoder command" contains the identification data of the master protection module, which is usually the identification number SNM of this module but may be other data identifying the protection module, and a deactivation parameter, which is usually a time value. The identification data is stored in the memory of the decoder, and the deactivation parameter is assigned to the counter of the decoder. It should be noted that in the present example the identification number SNM of the master security module coincides with the identification number SNs1 of the first protection module, and the first protection module has the function of the master module.

At this point, the decoder requests the unique number SNs of the security module and compares it with the number received in the message containing the "decoder command". If these values match, which is the case if the original module has not been replaced by another module, the decoder acts on the deactivation means to unblock the transfer of the control messages ECM to the security module, so that the control words can be decrypted. This also starts the decoder's counter. If the subscriber has only one decoder and only one protection module, they work as a pair, as described in patent application WO 99/57901, and the encrypted information is decrypted by the known method.

In the above description, the information exchange between the security module and the decoder is encrypted using the binding key Uk1. However, the transmitted information may also be encrypted using a session key, which is different from the binding key, but is created based on it.

When the subscriber purchases a second decoder, he must of course also purchase a second security module. The whole process of activating the second decoder is presented in fig. 2b. The acquisition of the second decoder STB2 and the second protection module ICC2 is illustrated by step 30. As before, the subscriber must contact the management center CG and provide the identification data, in particular the unique numbers SNd2 and SNs2 of the second decoder STB2 and the second module ICC2, the subscription number and possibly the name Sub1 for authentication, at step 31 in fig. 2b. At step 32 the necessary data is looked up in the database and the database is updated with the new information, as described above with reference to fig. 2a. The database makes it possible to find the binding key Uk2, which is then stored in the decoder STB2. This binding key Uk2 is associated in the database with the unique number SNd2 of the second decoder STB2. At step 33 the binding key Uk2 is sent to the second security module so that encrypted information can be exchanged between the security module and the decoder. At step 34 the control center sends the product list to the second protection module ICC2. At step 35 the second protection module ICC2 is assigned the slave function S in the database of the control center. As before, a "decoder command" is sent to the second decoder in the form of an encrypted authorization message EMM. This command contains the deactivation parameter and the identification number SNM of the master protection module. In fig. 2b this operation is illustrated by step 36. As before, these two items of data are stored in the decoder: the identification data is stored in the memory, and the deactivation parameter is assigned to the counter of this decoder.

At this point, the decoder and the protection module are not yet activated; decoding of the broadcast programmes encrypted by the operator is therefore not permitted. A decoder and security module with the slave function must be activated by the master protection module ICCM, which in the above example is the first protection module ICC1. To this end, the subscriber receives a message asking him to insert the first protection module ICC1, or master module ICCM, into the second decoder STB2, or slave decoder S. This operation is illustrated by step 37 in fig. 2b. Simultaneously with this message or after it, the decoder sends the inserted security module a command to obtain the identification number SNs of this module. This number is compared, by the means for comparing identification data, with the identification number SNM of the master protection module received from the control center CG and stored in the second decoder. If these two numbers coincide, the decoder activates processing of the data stream and starts its counter. It also displays a message prompting the user to insert the second protection module ICC2 into the second decoder STB2. Once this has been done, the deactivation means are switched so as to allow the processing of pay-TV information and the viewing of programmes. This completes the activation of the second decoder STB2, illustrated by step 38.

If the subscriber purchases a third or n-th decoder, the same actions are performed as for the second decoder. The subscriber identifies himself to the management center CG and reports the unique number SNd of the decoder and the unique number SNs of the corresponding protection module. These items are registered as slave components S. The pairing between the slave security module and the decoder is established in the usual way, as is the loading of the products P.

Then the decoder stores the time value and the unique identification number SN1 of the master module contained in the "decoder command" sent by the control center. This value can be unique for each pair of protection module and decoder, or the same for some or all such pairs. At this stage, the slave decoder STBn requests the unique number of the protection module. If this number coincides with the number of the master module, the decoder is activated. However, to view programmes, the corresponding slave protection module must again be inserted into the decoder.

It should be noted that this description assumes that the first security module is also the master security module, which is of course true if the subscriber has only one decoder and security module set. If, on the other hand, the subscriber has several decoders, the first one can be registered as master by default, but the master function can later be assigned to any other decoder. To do this, a request is sent to the control center, which changes the settings in the database as well as in the respective security modules and all the decoders. Only one of the security modules belonging to a given subscriber has the master function; all other protection modules are treated as slaves.

After the above procedure has been carried out, the subscriber's various decoder and protection module sets can decrypt and display pay-TV programmes. The deactivation parameter (time value) stored in the counter of each decoder is used to control the deactivation means and prevent decryption when certain criteria are met, for example after a certain time.

In the first example embodiment of the invention, the deactivation parameter (time value) corresponds to a specific duration, for example 30 days. The decoder is thus deactivated when the 30-day validity period expires. The deactivation parameter is stored in each decoder.

Under normal operating conditions, i.e. when the security module is inserted in its corresponding decoder, the counter value stored in the decoder is reduced at regular intervals, for example every day or every hour, by a number of units such that the counter reaches zero when the predetermined period expires. Alternatively, the counter can be increased until it reaches a predetermined value. This process is illustrated in figure 3. In this diagram it is assumed that the protection module ICC1 is the master module and the protection module ICC2 is a slave module. The decoders STB1 and STB2 are associated with the modules ICC1 and ICC2 respectively. At step 40, the decoder queries the inserted security module at regular intervals to determine its identification number SNs. If this number matches the identification number SN2 of the second security module, step 41 checks whether the counter value is equal to zero.

If the counter value is not zero, the counter of the second decoder is reduced according to a predetermined rule. This operation is performed at step 42 in figure 3.

If the counter value is zero or has reached a predetermined value, as illustrated by step 43, the deactivation means are applied so that the subscriber can no longer view programmes. The deactivation means can be implemented in several ways to disable access to pay-TV information. For instance, the decoder can block the transmission to the protection module of the control messages ECM containing data related to the programmes, so that these messages do not reach the security module. The decoder can also be prevented from receiving the decrypted control words sent back by the security module. Another possibility is to block the sound and image leaving the descrambler module of the decoder: decoding is performed normally, but the user receives no information on the screen of the television installation. In all cases, the blocking of the display of programmes is performed by the decoder.

After the counter has reached zero or the predetermined value, the set must be reactivated to enable decryption of programmes. It should be noted that in this embodiment of the invention it is not necessary to wait until the counter reaches zero before reactivating the set. Reactivation can be carried out earlier by reinitializing the counter, which prevents it from reaching zero. To this end, the decoder may be provided with means for indicating the status of the counter.

A decoder that was deactivated when its counter reached zero is reactivated as follows. Assume that the counter of the second decoder STB2 has reached zero or the predetermined value and the decoder has been deactivated. The protection module ICC2 associated with the deactivated decoder is removed from the decoder. At step 44 in figure 3, the master security module, i.e. the first protection module ICC1, is inserted into the decoder. The slave decoder sends a command to obtain the unique identification number SNs of the security module inserted in it. The decoder then checks, by the comparison means, whether this unique identification number is identical to the identification number SNM of the master security module stored in the decoder when it was initialized. This operation is performed at step 45 in figure 3. If the numbers match, at step 46 the decoder is reinitialized and a new deactivation parameter (time value) is loaded into the counter. This deactivation parameter usually corresponds to the value stored in the decoder. It should be noted that the deactivation parameter stored in the decoder can be changed by an authorization message EMM sent by the control center. In that case, each reactivation uses the new value stored in the decoder. The value may also be obtained directly from the control center in an authorization message EMM sent to the security module. If this value is not stored in the decoder, it is used only for the current reactivation. The master security module can then be removed from the decoder and the slave protection module ICC2 associated with the decoder inserted, in order to decode the information sent by the operator. If the identification number of the master protection module does not match the stored number, the counter is not reinitialized and programmes cannot be viewed.

In the preferred embodiment, instructions for the subscriber are displayed on the screen of the television installation associated with the deactivated decoder, guiding him step by step through the necessary operations.

In the preferred embodiment, it is not necessary to wait for the onscreen message before reinitializing the counter. Reinitialization can essentially be performed at any time by inserting the master protection module into one of the slave decoders.
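
The decoder-side counter logic of figure 3 (steps 40 to 46) can be modelled as a small state machine. The following Python sketch is an added example, not part of the patent text: the serial numbers, the counter measured in poll ticks, and the handling of an empty slot or an unknown module are assumptions, and it reinitializes the counter whenever the master module is seen, as the paragraph above permits.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed serial numbers for illustration; not values from the patent.
MASTER_SN = "SN-ICC1"   # master module ICC1, stored in every decoder as SNM
SLAVE2_SN = "SN-ICC2"   # slave module paired with decoder STB2
SLAVE3_SN = "SN-ICC3"   # another slave module of the same subscriber


@dataclass
class Decoder:
    paired_sn: str            # SNs of the module paired with this decoder
    master_sn: str            # SNM received in the "decoder command"
    deactivation_param: int   # time value loaded into the counter (in poll ticks)
    counter: int = 0          # 0 until the master module has activated the decoder
    enabled: bool = False     # False: deactivation means block pay-TV processing

    def poll(self, inserted_sn: Optional[str]) -> str:
        """One periodic identification query; returns the action taken."""
        if inserted_sn == self.master_sn:
            # Steps 44-46: master recognised, counter reinitialized.
            self.counter = self.deactivation_param
            self.enabled = True
            return "reinitialized"
        if inserted_sn != self.paired_sn:
            # Assumption: an empty slot or unknown module changes nothing.
            return "ignored"
        if self.counter > 0:
            self.counter -= 1             # step 42: decrement by the fixed rule
            if self.counter > 0:
                return "running"
        self.enabled = False              # step 43: counter at zero, block access
        return "deactivated"

    def can_view(self, inserted_sn: Optional[str]) -> bool:
        # Viewing needs an enabled decoder AND its own paired module inserted;
        # in a slave decoder the master module only reinitializes the counter.
        return self.enabled and inserted_sn == self.paired_sn


def simulate(decoder: Decoder, schedule: List[Optional[str]]) -> List[str]:
    """Feed a sequence of inserted serial numbers, one per poll."""
    return [decoder.poll(sn) for sn in schedule]


def demo():
    stb2 = Decoder(paired_sn=SLAVE2_SN, master_sn=MASTER_SN, deactivation_param=3)
    schedule = [
        SLAVE2_SN,   # never activated yet: stays blocked
        MASTER_SN,   # first activation by the master module
        SLAVE2_SN, SLAVE2_SN, SLAVE2_SN,   # counter runs down to zero
        SLAVE3_SN,   # another slave module cannot reactivate the decoder
        SLAVE2_SN,   # still blocked
        MASTER_SN,   # reactivation by the master module
        SLAVE2_SN,   # viewing possible again
    ]
    return stb2, simulate(stb2, schedule)


if __name__ == "__main__":
    decoder, trace = demo()
    for step, action in enumerate(trace, 1):
        print(step, action)
    print("can view with paired module:", decoder.can_view(SLAVE2_SN))
```

The sixth poll shows the difference from the prior-art card scheme discussed earlier: a module that merely belongs to the same subscriber does not reinitialize the counter, only the module whose number equals the stored SNM does.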

In accordance with one of the embodiments, the counter value can be increased "manually" by a value corresponding to a relatively short period of time, for example two hours. This allows the user to finish watching the current programme even though the decoder's counter has reached zero. In accordance with another embodiment, a message can be displayed notifying the subscriber that the security module will only operate for a relatively short period, for example 48 hours.

This function can be performed by determining the value of the counter at regular intervals. The subscriber thus has a certain period of time in which to increment the counter by inserting the master security module before the security module is deactivated.

The first security module, which is associated with the first decoder and has been assigned master status, works in the same way as the slaves. However, since the first security module is usually installed in the first decoder, the counter is reinitialized at regular intervals. Under normal operating conditions, when this counter reaches zero the master security module reinitializes it immediately. The master security module and its associated decoder can therefore normally always decrypt programs.

In accordance with another embodiment of the invention, the decoder sends, at regular intervals, a command to obtain the unique identification number of the security module inserted in the decoder. If the identification number matches that of the master module, the counter is initialized. In this case, during normal operation, i.e. when the master security module is installed in its corresponding decoder, the counter of the decoder associated with the master module never reaches zero.

This alternative is also convenient for the subscriber's decoders that are associated with slave security modules, because it allows the counter to be reinitialized at any time, regardless of its current value. In this case, the master security module can be left in one of the decoders associated with a slave module until the decoder issues its next command requesting the identification number. Manual activation of this command under user control may also be provided, or the command may be issued automatically each time a security module is inserted into the decoder.

A solution may also be provided in which the interval between two commands requesting the identification number is relatively long for large counter values and decreases as the counter value decreases. Thus, if a warning message informs the subscriber that the master security module must be inserted into a decoder within a relatively short period to prevent the counter from reaching zero, the subscriber must leave the master security module in the decoder until the decoder issues its next command to obtain the identification number. The duration of this period is usually several hundred milliseconds.

In an alternative embodiment of the invention, the counter contains a date. The data stream sent by the control center contains a signal carrying the time of day and the date, designated by the abbreviation TDT (Time & Date Table). At regular intervals, the slave decoder compares the counter value with the current date contained in the TDT signal. If the date held in the counter is later than the current date, the decoder operates normally, i.e. decrypts the information.

If the current date transmitted in the TDT signal is equal to or later than the date in the counter, the decoder blocks the transfer of control messages ECM to the security module, so that decoding the program information becomes impossible. As in the previous case, the counter value can be increased manually by a few hours, so that the refresh operation does not have to be carried out while the subscriber is watching a program. The subscriber receives a message telling them to insert the master security module into the slave decoder.

In accordance with one embodiment, the counter contains a numeric value corresponding to a certain number of time pulses. The data stream carrying the program includes time information sent at regular intervals. Each time the decoder receives a pulse, its counter is incremented, for example, by one unit. The interval between two pulses can also be varied to change the interval between two reactivations.

In these embodiments, the control center may encrypt the counter value in a "decoder command" addressed directly to one security module or to a group of modules. The security module to which the command is addressed decrypts it, re-encrypts it with the binding key and sends it to the decoder, which executes it, thereby changing the value of the corresponding counter.

As described above, the counters of the slave decoders are increased in accordance with the time value stored for reactivating the decoder. An authorization message EMM can also be sent to a particular decoder in a "decoder command", setting the deactivation parameter (time value) for that decoder. In this case, the new value applies only to the decoder or decoders to which the message is addressed. This method allows, for example, the immediate deactivation of a decoder whose purchase is of doubtful legality.

In accordance with the second embodiment of the invention, illustrated in fig.4a and 4b, a user who buys a pay-TV subscription contract C1 also receives the first decoder STB1 associated with the first security module ICC1. Activation of this set of decoder and security module is exactly the same as described above with reference to fig.2a. The reference symbols in fig.4a therefore coincide with those in fig.2a.

Briefly, the database DB of the control center CG is searched for the data associated with the user, the first decoder and the first security module. The binding key Uk1 is transmitted to the security module, as are the products and the management function. A "decoder command" containing the deactivation parameter (time value) and the identification number of the master security module is sent to the decoder. The set is activated, making it possible to decrypt the data and view programs.

When the subscriber acquires a second decoder, he must of course also purchase a second security module. The whole process of activating the second decoder is depicted in fig.4b. In the first part of the process, i.e. steps 30-36, activation is performed as described above with reference to fig.2b. The subscriber contacts the control center, which searches for the relevant data in its database. The second security module ICC2 and the second decoder STB2 are paired in the usual way by transmitting the binding key Uk2 to the security module. The rights associated with the products are also transmitted as described above, after which a "decoder command" containing the deactivation parameter (time value) and the identification number of the master security module is sent to the decoder.

The next step, 47, differs from the step described for the embodiment of fig.2b. At step 47, the master security module ICCM, i.e. the first security module ICC1, is bound to the second decoder STB2. A message is displayed prompting the subscriber to insert the first security module ICC1, i.e. the master module ICCM, into the second decoder STB2 or slave decoder S. At this stage of the activation process, the control center CG sends the master security module a message encrypted with the operator's global key and containing the binding key Uk2 of the second decoder STB2 and the second security module ICC2. This key is used to encrypt the exchange of information between the second decoder STB2 and either the first security module ICC1 or the second security module ICC2. The key is stored in the mapping table held in the master security module.

At this stage, the slave decoder STB2 requests the unique number of the security module. If this number matches the number SNM of the master module, the decoder activates the processing of the data stream and makes it possible to view programs. This completes the activation of the second decoder STB2 illustrated by step 47. Note that, to view programs, the second security module ICC2 must be re-inserted into the second decoder STB2, as illustrated by step 48 in fig.4b. The master security module could be allowed to decode information in any decoder, but in practice this solution is not desirable. Typically, decryption is allowed only when a decoder is connected to one particular security module, and vice versa.

When the subscriber purchases a third or n-th decoder, the same actions are performed as for the acquisition of the second decoder. The subscriber identifies himself to the control center CG and reports the unique number SNd of the decoder and the unique number SNs of the corresponding security module. These items are recorded as slave components S. The products P are loaded and the n-th decoder STBn is bound to the n-th security module ICCn in the usual way using the binding key Ukn. The decoder STBn is then bound to the master security module ICCM, i.e. the first security module ICC1, by means of the binding key Ukn. After that, the decoder stores the deactivation parameter and the unique identification number SN1 of the master module contained in the "decoder command" transmitted by the control center. This value can be different for each pair of security module and decoder, or the same for some or all such pairs. The master security module then activates the set of module and decoder. Decryption of programs becomes possible once the n-th security module ICCn is re-inserted into the n-th decoder STBn.

Deactivation of the decoders is performed in this embodiment as described above with reference to fig.2a and 2b.

The decoders are reactivated in essentially the same way in the embodiment of fig.4a and 4b as in that of fig.2a and 2b. However, in the embodiment of fig.4a and 4b the decoder does not limit itself to a simple check of the unique identification number of the master security module; the module is fully authenticated. Different authentication methods can be used. One of them is described below. The slave decoder, for example STB2, generates a random number, which it sends in plain text to the master security module, for example ICC1. The module encrypts this number using the binding key Uk2, which is intended for encrypting the exchange of information between the decoder STB2 and the master security module ICC1. It then sends the encrypted number to the decoder STB2, which decrypts it using the binding key Uk2 and compares the result with the original number. The authentication can also be performed in the reverse direction. In that case, the master security module generates a random number and sends it in plain text to the decoder, which encrypts it using the binding key Uk2 and sends it back to the security module. The security module decrypts the number and compares it with the original. If the comparison shows that the two numbers are identical, the counter is reinitialized and programs can again be viewed. If the result of the comparison is negative, processing of the data is not permitted.

This embodiment of the invention provides more reliable protection against inappropriate use of the security module.
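The two reactivation checks described above (comparison of the identification number only, and challenge-response on the binding key Uk2), as an added example that is not part of the patent text. It assumes HMAC-SHA256 as the keyed operation in place of the unspecified "encrypt, then decrypt and compare" step; the class names, serial strings and counter values are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class SecurityModule:
    """Removable module. A master module also holds a table of binding keys Uk."""

    def __init__(self, serial, key_table=None):
        self.serial = serial                # unique identification number
        self.key_table = key_table or {}    # decoder id -> binding key Uk

    def answer(self, decoder_id, challenge):
        """Keyed response to the decoder's random number (assumption: HMAC-SHA256)."""
        key = self.key_table.get(decoder_id)
        if key is None:
            return None                     # no binding key for this decoder
        return hmac.new(key, challenge, hashlib.sha256).digest()


class SlaveDecoder:
    def __init__(self, decoder_id, master_serial, binding_key, deactivation_value):
        self.decoder_id = decoder_id
        self.master_serial = master_serial            # SNM stored at initialisation
        self.binding_key = binding_key                # Uk shared with the master module
        self.deactivation_value = deactivation_value  # deactivation parameter (time value)
        self.counter = deactivation_value

    @property
    def active(self):
        """Pay-TV data is processed only while the counter is above zero."""
        return self.counter > 0

    def tick(self, units=1):
        """Decrement the counter at a regular interval, stopping at zero."""
        self.counter = max(0, self.counter - units)

    def reinit_by_serial(self, module):
        """First embodiment: compare the module's identification number only."""
        if module.serial != self.master_serial:
            return False
        self.counter = self.deactivation_value
        return True

    def reinit_by_challenge(self, module):
        """Second embodiment: number check plus proof of possession of Uk."""
        if module.serial != self.master_serial:
            return False
        challenge = secrets.token_bytes(16)           # fresh random number per attempt
        response = module.answer(self.decoder_id, challenge)
        expected = hmac.new(self.binding_key, challenge, hashlib.sha256).digest()
        if response is None or not hmac.compare_digest(response, expected):
            return False
        self.counter = self.deactivation_value
        return True


def demo():
    uk2 = secrets.token_bytes(16)                          # constructed binding key Uk2
    master = SecurityModule("SN-ICC1", {"STB2": uk2})      # master module with key table
    slave = SecurityModule("SN-ICC2")                      # the decoder's own slave module
    lookalike = SecurityModule("SN-ICC1")                  # reports SNM but holds no Uk2
    stb2 = SlaveDecoder("STB2", "SN-ICC1", uk2, deactivation_value=3)
    out = {}

    stb2.tick(3)
    out["deactivated_at_zero"] = not stb2.active
    out["slave_module_rejected"] = not stb2.reinit_by_challenge(slave)
    # The number-only check cannot tell the lookalike from the real master module.
    out["lookalike_passes_serial_check"] = stb2.reinit_by_serial(lookalike)
    stb2.tick(3)
    out["lookalike_fails_challenge"] = (
        not stb2.reinit_by_challenge(lookalike) and not stb2.active
    )
    out["master_reactivates"] = stb2.reinit_by_challenge(master) and stb2.counter == 3
    return out


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The reverse direction described above, in which the module issues the random number, is the same exchange with the roles swapped.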

Figures 5, 6a and 6b present a special embodiment of the invention, in which the subscriber has an additional security module in addition to the usual sets of decoders and security modules.

As illustrated by step 60 in fig.6a, a pay-TV user must first purchase a contract C1. When purchasing the first decoder STB1, the subscriber must, as in the previously described embodiments, also purchase the first security module ICC1, as illustrated by step 62 in fig.6a. Together with the subscription, the subscriber must also acquire an additional security module, called the "contract management module" ICCC, as illustrated by step 61. Ideally, this contract module can easily be distinguished from the other security modules, for example by its color, as shown in figure 5.

As in the previous embodiment, the control center CG contains a database with the unique identification numbers SNd of the decoders and the binding keys Uk assigned to these numbers. At step 63, shown in fig.6a, when a new subscriber contacts the control center to initialize his decoder, he must specify the unique identification number SNC of the contract module, the unique identification number SNs of the first security module, the unique identification number SNd of the decoder and the contract number. This information makes it possible to link the database data for the security module with the data for the decoder. This stage is marked by the number 64.

Once this information has been entered into the database, the subscriber is prompted to insert the first security module ICC1 into the decoder STB1. This operation is performed at step 65. The control center then sends a binding message and an initialization message. The binding message contains the binding key Uk1 for binding the first decoder STB1 to the first security module ICC1. The initialization message contains the deactivation parameter (time value) and the unique identification number ICCC of the contract module. The deactivation parameter is stored in the first decoder. Then, at step 66, the rights relating to the products P that the subscriber is entitled to decrypt are loaded into the first security module.

Once this information has been entered into the database, the subscriber is prompted to insert the contract module ICCC into the first decoder STB1, which corresponds to step 67. The contract module is then bound to the first decoder using the binding key Uk1 stored in the database, which makes it possible, on the one hand, to link the first decoder STB1 with the first security module ICC1 and, on the other hand, to link the first decoder STB1 with the contract security module ICCC. This binding is similar to that described above. Note that, as a rule, the contract module is not authorized to decrypt encrypted data. Once this security module has been bound to the first decoder, the subscriber is prompted to insert the security module ICC1 into the first decoder again. At step 68, an activation command is sent to the first decoder STB1 in a "decoder command" to activate the first set of decoder and security module and enable decryption of programs. At step 69, the first security module must be inserted into the decoder so that the data can be decrypted.

When the subscriber acquires a second decoder STB2 associated with a second security module ICC2 (step 70 in fig.6b), the subscriber must contact the control center (step 71). At step 72, the data associated with the subscriber and with the set of decoder and security module is updated. Then, at step 73, the second decoder STB2 is bound to the second security module ICC2, as described above. A "decoder command" is sent to the decoder, containing the deactivation parameter (time value), which may be identical to or different from that of the first decoder, as well as the unique identification number SNC of the contract module. The rights associated with the products P are loaded into the second security module at step 74. The second security module is then removed from the decoder and the contract module ICCC is inserted in its place. These two elements are paired using the binding key Uk2 contained in the database. This binding is performed at step 75. The same binding key is used to bind the second decoder to the second security module and to bind the decoder to the contract security module. The counter of the second decoder is activated at step 76.

Then, at step 77, the contract module is removed and the second security module ICC2 is inserted into the decoder again. At this stage encrypted programs can be viewed.

The activation procedure for the third or n-th set of decoder and security module is the same as the procedure described above for the second set.

As noted above, the contract module is usually not intended to decrypt encrypted information. However, a contract module may instead be able to decrypt encrypted data received from any decoder of a particular subscriber, or its decryption capability may be limited to one or more decoders. The choice between these options is made by the operator transmitting the encrypted information.

If, as suggested above, the deactivation parameter (time value) of the security module is a period of use, the counter is decremented at regular intervals. When it reaches zero, decoding of the information is blocked and the user receives an appropriate message. This message informs the subscriber that he must reactivate his set of decoder and security module. To do this, the subscriber must first remove the security module from the decoder and then insert the contract module ICCM into the decoder. The contract module is authenticated either by simply checking its unique identification number or by a full authentication procedure using a random number, as described above. The counter is reinitialized in the same way as described for the case in which the first security module is used as the master security module.

As indicated above, the master security module ICCM or the contract security module ICCC contains a table of binding keys. This table stores the keys linking the master module with each decoder of a particular subscriber. In addition to these keys, the table also contains other data, such as data relating to the programs "consumed" and service data. In table 17 in figure 1, these are the data columns IPPV and Serv. respectively. These columns correspond to the data that is usually stored in the security modules after they have been transferred to the control center.

Data relating to program consumption includes, in particular, the numbers and identifiers of programs purchased in "impulse purchase" mode (abbreviated IPPV = Impulsive pay-per-view). At present, where impulse purchase of programs is possible, the credit for such purchases is stored in the security module. With each impulse purchase of a program, this credit is reduced by an amount corresponding to the price of that program. Once the initial credit has been used up, the subscriber must contact the control center and request that the credit be reinitialized (renewed).

When the system according to the invention is used, IPPV can be managed in two different ways. The first is the one described above, i.e. the user contacts the control center to order a program. In practice, the user may place the order by indicating the choice to an operator or, for example, by using the buttons of the remote control.

The second method operates as follows. When an impulse purchase is made, the data relating to the purchase is stored, in particular the identifier of the program and its price. The data may be stored in the security module or in the decoder STB. When the master security module is inserted into the decoder, in particular to increase the decoder's counter value, the data, including the data relating to IPPV, is transmitted to the master security module or contract security module. If the data was stored in the decoder, it can be transferred directly to the master module, encrypted or in plain text. If the data was stored in the security module, it must first be transferred to a buffer memory area of the decoder. When the master security module is inserted into the decoder, this data is entered into the table of the master module. Once the data has been transferred to the master module, the counter can be reinitialized.

The master module or contract module "collects" data in the same way from all slave units. The master security module therefore contains the corresponding data from all modules belonging to a particular subscriber. When the master security module is inserted into a decoder that contains a modem connected to a return line (cable network or conventional telephone network), some or all of the data is sent to the control center. Such data is typically sent in encrypted form. Because the control center has all the keys, it can easily decrypt the message content. It is thus possible to determine exactly which programs the subscriber has consumed on each particular decoder, which makes it possible to create a single account for all programs consumed. When this data is transferred to the control center, the center receives, in particular, the status of the credit of each security module. The control center can therefore also increase the credit, allowing the subscriber to make impulse purchases. This also provides flexible and accurate control of the credit granted to each subscriber.

Accurate information about the programs consumed by each subscriber and on each of the subscriber's decoders offers numerous advantages. On the one hand, as indicated above, it simplifies the management of credit for impulse purchases. On the other hand, various statistics can be obtained, for example the periods of use of each decoder for each channel. In particular, this makes it possible to determine the levels of consumption of different products and to pay costs according to actual consumption rather than on the basis of preliminary estimates. It also makes it possible to build accurate statistical profiles for each decoder and thus to offer the users of these decoders programs or products that match those profiles.

The table may also contain auxiliary data. This data can, for example, describe the reception signal levels, in particular so that the subscriber can be informed that the antenna is not optimally oriented and that an expert needs to be called to adjust it. It also makes it possible to determine accurately the position of the satellite television antenna that gives optimal coverage. Other auxiliary data may, for example, describe the periods of operation of decoders of any type, or contain any other information that may be useful for the optimal functioning of the system and for calculating statistics, as described above. Service data can also contain information on software versions or the dates on which such software was updated.

This information is likewise collected by the master or contract security module and then transmitted to the control center when that module is inserted into a decoder connected to a network-connected modem.

If the subscriber's decoder hardware does not contain a modem, or none of the decoders is connected to a telephone line, the subscriber may be asked to send the contract security module by mail. In this case, the control center that requests the module may take measures to ensure that decoding is not interrupted while the subscriber is without the module. This can be done by checking the deactivation parameters (time values) and increasing those values that could reach zero during the period when the subscriber does not have the contract module. The control center can increase the subscriber's credit, since the amount of credit consumed is known exactly.

Obtaining the data for all decoders registered in the name of the same subscriber is convenient because it allows a single bill to be issued for all programs consumed by each subscriber. It also has a deterrent effect in line with the objectives of the present invention, because a subscriber who resells a set of security module and decoder to another user receives that other user's bill. Also, where impulse purchases are possible, the subscriber cannot control the amount of impulse purchases made by this other user, yet receives the corresponding charges for them.

Fig.7a-7d illustrate various configurations of the decoder that can be used in the device according to the invention. Fig.7a illustrates a conventional decoder containing an internal decryption module D and the removable security module ICC1. This is the most commonly used configuration and corresponds to the description above.

Fig.7b shows the decoder of fig.7a additionally containing a second reader for security modules. In this case, the slave security module ICC1 associated with the decoder can be left in the decoder.

The master security module ICC1 or the contract security module can be inserted into the second reader when its use is necessary.

Fig.7c depicts an embodiment in which the decoder contains, on the one hand, a reader for the security module ICCC and, on the other hand, a security module ICC1 built into the decoder and implemented as a standard electronic module. Under normal operating conditions, the security module built into the decoder is used. When the counter needs to be reinitialized, an external security module is used. This module is, by definition, the contract module. This embodiment of the invention also allows a removable module to be used when the internal module can no longer be used, for example after significant changes in the functions performed by this module.

Fig.7d is similar to fig.7c, except that the internal security module is built into the same integrated circuit as the module D of the decoder.

The functions of the security module can also be integrated into the module D of the decoder.

In the above description, it was assumed that the first security module ICC1 is the master module when the subscriber does not use a contract module. If the subscriber uses a contract module, that module performs the functions of the master module. Therefore, unless otherwise specifically indicated in the text, the master security module may be either one of the security modules associated with a decoder that has been assigned master status, or the contract module.

1. A decoder for processing pay-TV data, linked to at least one removable security module through the exchange of identification data contained in said decoder and said removable security module, the decoder including a decoder module, characterized in that it further comprises means for deactivating the processing of pay-TV data and a counter acting on said deactivation means in accordance with the counter value.

2. The decoder according to claim 1, characterized in that it further comprises at least one memory element containing the specific identification data of a removable security module, non-removable security module associated with a decoder, and means for comparing the specific identification data stored in the memory with the identification data of the removable security module contained in the decoder, the counter being initialized as a result of comparing the identification data.

3. The decoder according to claim 1, characterized in that it is further configured to store a deactivation parameter and includes means for comparing this deactivation parameter with the value of said counter.

4. The decoder according to claim 3, characterized in that the deactivation parameter is an expiration date or a numeric value.

5. The decoder according to claim 1, characterized in that it includes means for receiving commands that affect the value of said counter.

6. The decoder according to claim 5, characterized in that it is locally connected to a removable security module, the means for receiving commands accepting commands that affect the value of said counter from the removable security module.

7. A pay-TV data management system containing at least two decoders, each of which is linked to at least one removable security module through the exchange of identification data contained in said decoder and said removable security module, each of the decoders including a decoder module and means for deactivating the processing of pay-TV data, characterized in that each decoder further comprises a counter acting on said deactivation means, and at least one of the removable security modules is designated as the master security module and includes means for reinitializing said counters of the decoders.

8. The system according to claim 7, characterized in that each of the decoders includes a memory element containing identification data relating to the master security module, and means for comparing the identification data stored in the memory with the identification data of the removable security module contained in the decoder, the counter of each of the decoders being initialized as a result of comparing said identification data.

9. The system according to claim 7, characterized in that only the removable security module designated as the master security module includes means for reinitializing said counters.

10. The system according to claim 7, characterized in that it contains a removable security module in addition to the number of decoders, this additional removable security module being designated as the master security module and including means for reinitializing said counters of the decoders.

11. A method of controlling at least two decoders for processing pay-TV data, each of which is assigned to a subscriber and contains means for deactivating the processing of pay-TV data and a counter acting on said deactivation means, each subscriber having at least two removable security modules that can be locally connected to at least one decoder, the method including the following steps:

determine at least one master security module from among the removable security modules belonging to the subscriber,

store the identification data of the master security module in each of the subscriber's decoders,

deactivate the data processing of a decoder by means of the counter in accordance with at least one predetermined criterion,

reinitialize the counter by inserting the master security module into the deactivated decoder.

12. The method according to claim 11, characterized in that it includes a step of verifying the identity of the master security module.

13. The method according to claim 12, wherein the step of verifying the identity of the master security module includes a step of authenticating the unique identification number of the master security module using a key that links this master security module with the decoder being reactivated.

14. The method according to claim 11, characterized in that the data processing is additionally deactivated by sending a message to at least one of the subscriber's decoders, this message being sent by the control center.

15. The method according to claim 11, characterized in that the counter is initialized using the value of the deactivation parameter stored in each decoder.

16. The method according to claim 15, wherein said value of the deactivation parameter is passed to the decoder using at least one authorization message EMM.

17. The method according to claim 11, characterized in that the decoder is connected to a security module that is not authorized to reinitialize the counter of said decoder, the method including the following steps:

store data relating to the decoder's processing of pay-TV data,

detect the insertion of the master security module,

transmit the processing data to the master security module.

18. The method according to claim 11 or 17, characterized in that the processing data stored in the master security module is transmitted to the control center.

19. The method according to p, characterized in that data associated with the subscriber is transmitted to the control center.



 


EFFECT: provision of method for storing an event.

6 cl, 3 dwg

FIELD: cryptographic protocols, in particular, efficient encoding at content level.

SUBSTANCE: a method is provided for generating cryptographically protected digital data that encode content and are arranged into messages. At least a part of each message is encrypted, and the encrypted messages are provided as an output signal in a format that allows the service interface of the server to compose a message in the form of at least one packet, including at least one header and a payload, where at least one header includes information that allows the service interface in the client to assemble each message for the decoding application using the payload of the packets. Each message is divided into a first and at least one additional message section. At least one of the message sections is encrypted in such a way that it can be decrypted independently of the other message sections. The encrypted message is assembled by adding a resynchronization marker that separates a message section from the adjacent message section and includes precise synchronization information, at least for the additional message sections.

EFFECT: synchronized decoding process in case of data loss.

14 cl, 8 dwg

FIELD: copy/access protection.

SUBSTANCE: audio/video stream processing system includes module for inputting audio/video stream, which receives audio/video stream, containing field of information about audio/video content, including first copy control information, and audio/video content field, including second copy control information; reading module which extracts first and second copy control information from received audio/video stream and determines whether first copy control information is modified; and module for decoding audio/video stream, which processes received audio/video stream in accordance to predetermined criteria, if first copy control information is modified.

EFFECT: protection of content, prevented unsanctioned processing of content.

15 cl, 8 dwg

FIELD: engineering of systems for loading and reproducing protective unit of content.

SUBSTANCE: according to the invention, in a receiving device 110 for protected storage of a content item 102 on a storage medium 111, the content item 102 is stored in a protected format and has an associated license file 141, which is encrypted with a public key associated with a group of playback devices 120, 121, so that each playback device 121 in the group can decrypt the license file 141 and play the content item 102, whereas devices not belonging to the group cannot. A playback device 121 may provide its device-specific public key to the content distribution management system, which then returns the secret key of the group encrypted with the public key of the playback device 121; the playback device 121 thereby securely receives the secret key of the group and can decrypt the license file 141.

EFFECT: creation of system for loading and reproducing protected unit of content, making it possible to constantly control usage of unit of content.

3 cl, 4 dwg

FIELD: digital audio and video technologies.

SUBSTANCE: the information storage device is configured to receive a data carrier; the decoder is configured to receive compressed encoded signals from the data carrier and transmit the signals to the decrypter. The decrypter is configured to decrypt the compressed, encoded, encrypted data and transmit them to the decompressor. The decompressor is configured to receive the compressed encoded signals from the decrypter and decompress them to reproduce the image.

EFFECT: higher precision, higher efficiency.

3 cl, 17 dwg

FIELD: broadcasting systems.

SUBSTANCE: method includes broadcasting of message, including text portion intended to reach user, while said message is transferred in form of conditional access message.

EFFECT: broader functional capabilities.

5 cl, 7 dwg

FIELD: television.

SUBSTANCE: the device converts signals to digital video information. The compression device receives digital video data coming from the source data generator and compresses the digital images. The encoding device receives the compressed digital video data coming from the compression device and encodes them. The recording device stores the encoded compressed digital audio data on a data carrier.

EFFECT: higher data transfer speed.

3 cl, 17 dwg

FIELD: access control systems.

SUBSTANCE: proposed signal processing method involves reception of digital input signal incorporating first component of scrambled signal and second component of scrambled signal; binding of input signal with detachable intelligent card unit for processing first scrambled signal component and generation of first descrambled signal which is internal with respect to intelligent card unit and for processing second scrambled signal component in case of response to first descrambled signal to generate second descrambled signal and to integrate first scrambled signal component of input signal and second descrambled signal so as to produce output signal; reception of output signal from intelligent card unit and processing of second descrambled signal to shape signal adapted for display.

EFFECT: improved control of access.

1 cl, 9 dwg
